
7477 matches found

RedhatCVE
added 2025/12/05 3:27 p.m., 6 views

CVE-2025-62686

A local privilege escalation vulnerability exists in the Plugin Alliance InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 on macOS. Due to the absence of a hardened runtime and a __RESTRICT segment, a local user may exploit the DYLD_INSERT_LIBRARIES environment...

6.2 CVSS, 7.5 AI score, 0.00158 EPSS
Exploits: 1, References: 1
vulnersOsv
added 2025/12/04 6:30 p.m., 6 views

ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), ai.stainless:grails-tika (=0.1.0) +739 more potentially affected by CVE-2025-54988 +1 more via org.apache.tika:tika-parsers (>=1.13 <=1.9)

org.apache.tika:tika-parsers MAVEN version =1.13, =1.3, =1.0.1, =3.6.1, =3.11.0, =4.6.0, =8.10.1.3, =8.10.1.3, =8.10.1.3, =0.1, =3.0.0, =3.0.1 and more Source cves: CVE-2025-54988, CVE-2025-66516 Source advisory: OSV:GHSA-F58C-GQ56-VJJF...

9.8 CVSS, 7.5 AI score, 0.79807 EPSS
Exploits: 6
Tenable Nessus
added 2025/12/04 12:0 a.m., 4 views

Adobe Experience Manager (AEM) Debugging Client Libraries Exposure

This plugin detects the presence of the Adobe Experience Manager (AEM) Debugging Client Libraries on a web server. These libraries are intended for development and debugging purposes and should not be exposed in a production environment, as they may contain sensitive information or functionality th...

6.7 AI score
Exploits: 0, References: 1
IBM Security Bulletins
added 2025/12/03 6:6 a.m., 14 views

Security Bulletin: IBM Automation Decision Services for October 2025 - Multiple CVEs addressed

Summary: IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2025-46653...

8.1 CVSS, 7.7 AI score, 0.23357 EPSS
Exploits: 3, Affected Software: 1
CVE
added 2025/12/03 12:0 a.m., 8 views

CVE-2025-62686

This CVE affects Plugin Alliance Installation Manager v1.4.0 on macOS, specifically the InstallationHelper service. The root cause is missing hardened runtime and a __RESTRICT segment, allowing local users to abuse the DYLD_INSERT_LIBRARIES environment variable to inject a dynamic library, potent...

6.2 CVSS, 7.2 AI score, 0.00158 EPSS
Exploits: 1, References: 1, Affected Software: 1
EUVD
added 2025/12/02 9:31 p.m., 5 views

EUVD-2025-200324

NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries...

8 CVSS, 6.4 AI score, 0.00099 EPSS
Exploits: 0, References: 2
OSV
added 2025/12/02 9:15 p.m., 3 views

CVE-2025-64642

NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries...

7.8 CVSS, 5.8 AI score, 0.00099 EPSS
Exploits: 0, References: 1
NVD
added 2025/12/02 9:15 p.m., 4 views

CVE-2025-64642

NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries...

8 CVSS, 0.00099 EPSS
Exploits: 0, References: 1
CVE
added 2025/12/02 9:3 p.m., 6 views

CVE-2025-64642

CVE-2025-64642 concerns NMIS/BioDose V22.02 and earlier, where default insecure file permissions on installation directories could allow local users to modify program executables and libraries. Multiple sources (NVD, Red Hat, EUVD, CVE lists, and ICS advisory) describe the issue as an insecure in...

8 CVSS, 6.5 AI score, 0.00099 EPSS
Exploits: 0, References: 1, Affected Software: 1
vulnersOsv
added 2025/12/02 6:28 a.m., 2 views

agentengine-sdk-python (>=0.2.0 <=0.4.0), agentic-chat-ui (>=0.1.0 <=0.2.4) +42 more potentially affected by CVE-2025-68492 via chainlit (>=2.0.0 <=2.6.3)

chainlit PYPI version =2.0.0, =0.2.0, =0.1.0, =0.3.0, =0.0.3, =0.14.0, =0.0.0, =0.1.1, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =0.1.1, =0.1.0, =1.3.0 and more Source cves: CVE-2025-68492 Source advisory: SNYK:PYTHON-CHAINLIT-14157231...

4.2 CVSS, 5.4 AI score, 0.00217 EPSS
Exploits: 0
CNNVD
added 2025/12/02 12:0 a.m., 4 views

Facebook Proxygen Security Vulnerability

Facebook Proxygen is a set of open source C++ HTTP class libraries from Facebook Inc. in the United States. A security vulnerability exists in Facebook Proxygen that stems from an infinite loop triggered when processing large requests, which could lead to memory exhaustion...

5.3 CVSS, 6.5 AI score, 0.00252 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2025/12/02 12:0 a.m., 3 views

PT-2025-48780

NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries...

8 CVSS, 6.9 AI score, 0.00099 EPSS
Exploits: 0, References: 2
EUVD
added 2025/12/01 12:22 a.m., 3 views

EUVD-2025-199943

The installer of INZONE Hub 1.0.10.3 to 1.0.17.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer...

8.4 CVSS, 6.9 AI score, 0.00192 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2025/12/01 12:0 a.m., 4 views

PT-2025-48402

The installer of INZONE Hub 1.0.10.3 to 1.0.17.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer...

8.4 CVSS, 7.9 AI score, 0.00192 EPSS
Exploits: 0, References: 3
Packet Storm News
added 2025/12/01 12:0 a.m., 4 views

CVE Breadcrumbs: Tracking Vulnerabilities through Versioned Apache Libraries

The Apache Software Foundation (ASF) ecosystem underpins a vast portion of modern software infrastructure, powering widely used components such as Log4j, Tomcat, and Struts. However, the ubiquity of these libraries has made them prime targets for high-impact security vulnerabilities, as illustrated...

6.7 AI score
Exploits: 0
vulnersOsv
added 2025/11/28 4:41 a.m., 8 views

net.codinux.invoicing:e-invoice (>=0.5.0 <=0.5.2), net.codinux.invoicing:e-invoice-jvm (>=0.6.0 <=0.7.3) potentially affected by CVE-2025-66372 via org.mustangproject:validator (>=2.14.2 <=2.15.1)

org.mustangproject:validator MAVEN version =2.14.2, =0.5.0, =0.6.0, =0.7.3 Source cves: CVE-2025-66372 Source advisory: SNYK:JAVA-ORGMUSTANGPROJECT-14147556...

2.8 CVSS, 5.8 AI score, 0.00104 EPSS
Exploits: 0
Japan Vulnerability Notes
added 2025/11/28 4:36 a.m., 3 views

Installer of INZONE Hub may insecurely load Dynamic Link Libraries

Overview: The installer of INZONE Hub provided by Sony Corporation contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element (CWE-427) - CVE-2025-64772. Kazuma Matsumoto of GMO Cybersecurity by IERAE,...

8.4 CVSS, 6.8 AI score, 0.00192 EPSS
Exploits: 0, References: 5
vulnersOsv
added 2025/11/27 12:2 a.m., 6 views

deezspot-spotizerr (>=2.2.4 <=3.1.5), deezspot-spotizerr-phoenix (>=0.0.11 <=0.0.14) +35 more potentially affected by CVE-2025-66040 via spotipy (>=2.10.0 <=2.25.1)

spotipy PYPI version =2.10.0, =2.2.4, =0.0.11, =0.0.10, =2.6.0, =0.0.3, =0.0.1, =0.2.0, =0.1.1, =0.1.0, =0.0.2.dev4, =0.0.2.dev11 and more Source cves: CVE-2025-66040 Source advisory: SNYK:PYTHON-SPOTIPY-14135648...

3.6 CVSS, 5.8 AI score, 0.00133 EPSS
Exploits: 0
Packet Storm News
added 2025/11/26 12:0 a.m., 4 views

Exploring Hidden Geographic Disparities in Android Apps

While mobile app evolution has been widely studied, geographical variation in app behavior remains largely unexplored. This paper presents a large-scale study of location-based Android app differentiation, uncovering two important and underexamined phenomena with security and fairness implication...

6.9 AI score
Exploits: 0
RedhatCVE
added 2025/11/25 12:17 a.m., 12 views

CVE-2025-63685

Quark Cloud Drive v3.23.2 has a DLL Hijacking vulnerability. This vulnerability stems from the insecure loading of system libraries. Specifically, the application does not validate the path or signature of regsvr32.exe it loads. An attacker can place a crafted malicious DLL in the application's...

9.8 CVSS, 6.9 AI score, 0.00322 EPSS
Exploits: 1, References: 1